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TITLE OF THE INVENTION 

SECURE UPSTREAM TRANSMISSION IN PASSIVE OPTICAL NET- 
WORKS 

BACKGROUND OF THE INVENTION 

Field of the invention: 

The invention relates to communication net- 
works and optical transmission technology .' Particu- 
larly, the invention relates to Ethernet passive opti- 
cal networks and improving security therein using op- 
tical disturbing reflectors. 

Description of the Related Art: 

In the last few years the requirements for 
consumer bandwidth have grown rapidly. To meet the de- 
mand for increased bandwidth new. access network tech- 
nologies have been developed. One such technology is 
based on the Institute of Electrical and Electrdnics 
Engineers (IEEE) 802 . 3 ah standard. 802 . 3 ah is a -trade- 
mark of the IEEE inc. .The standard is also known as 
Ethernet in the First Mile (EFM) . The ..aim. of IEEE 
802 . 3ah is to bring. Ethernet to ordinary consumers, 
thereby becoming an alternative for modem dial up 
lines and DSL connections as the primary access be- 
tween a consumer and her internet service provider . 
The IEEE 802 . 3 ah standard also introduces the Ethernet 
Passive Optical Networks (EPON) concept. The EPON is a 
Point -to-Multipoint (P2MP) network topology . : The to- 
pology is implemented with passive optical splitters 
and Media Access Control (MAC) and MAC Control sublay- 
ers and physical layers that support this topology.. 

Reference is now made to Figure 1, which, il- 
lustrates the architecture of a prior art EPON. The 
EPON comprises a HUB 100, to which an optical fiber 
. 120 is connected. HUB 100 may be a passive physical 



layer signal repeater or a higher protocol layer 
equipment such as , a bridge or a router. In some con- 
texts a HUB is also referred to as an OLT (Optical 
Line Terminal) . For the purpose of this invention a 
HUB such as HUB 100 is generally any kind, of piece of 
network equipment that engages in communication with 
at least one optical network unit in the EPON or other 
equivalent medium. The optical fiber must be connected 
to Optical Network Units (QNU) lib, 112,. 114 and 116. 
Typically, the ONUs are located in customer premises. 
HUB 100 connects the EPON : to an Internet Service Pro- 
vider (ISP) access router or similar equipment via an 
upstream connection 128. In order to accomplish the 
connecting of HUB 100 to each of the ONUs 110-116, an 
optical fiber 120 connects, to an optical splitter 102, 
which connects to fibers 121 and 122.. Fiber 121 cori- 
,nects to fibers 123 and 124 via an optical splitter 
104 . Finally, . fiber 123 is connected to ONU 110, fiber 
124 to ONU 112, a fiber 125 to ONU 114 and a fiber 126 
to ONU 116. The direction from the ONUs 110-116 to- 
wards' HUB 100 is referred to as upstream, whereas the 
opposite direction from HUB 100 towards the ONUs 110- 
116 is referred to as downstream. A, signal- 130, 131 
transmitted from ONU 110 traverses towards HUB 100 via 
optical splitters . 104 and 102 . However , a part of sig- 
nal 13 0 may be. reflected, for instance, from splitter 
104 making the signal, perceivable at ONU 112 . Upsteam 
and downstream signal traverses . in the same f iber, us- 
ing different wavelengths. Other option is to have 
separate fiber for up and downstream but this does hot 
remove the security problem. 

The drawback of the prior art IEEE 802 . 3ah is 
that the upstream traffic from any . given ONU may be 
detectable from other ONU access points due to various 
unwanted signal reflections.. The. unwanted signal re- 
flections may not be removed, or even noticed from the 
network beforehand. The problem is further illustrated 



in Figure 2. An ONU 202 transmits a signal 220 that is 
to be received exclusively by a HUB 230. Along the 
transmission path ' from ONU 202 to HUB 230, there is at 
least a first fiber 212, an optical splitter 200 and a 
second fiber 210 .< Fiber 210 connects to at leaist two 
fibers 212 and 2i4 by means of optical splitter 200. 
Associated with fiber 210 is also a reflecting element 
206, which reflects part of signal 220 as a reflection 
222, which is an unwanted reflection Reflection 222 is 
in turn split at optical splitter 200 and becomes per- 
ceivable at an ONU . 204 : Reflecting element 206 can bje , 
for instance, -a fiber connector, a fiber breaking 
point, an open fiber end or a second splitter along 
the fiber path, between ONU 2 02 and HUB 22 0 . Reflecting 
elements where discrete back, reflections may . occur 
cause privacy and confidentiality problems in EPONs/.. 
The most, critical places in EPONs are on the upstream 
side of. the splitter that is closest to the transmit- 
ting user . 

In order to overcome these problems: various 
solutions have been proposed in prior art. One such 
solution is to use encryption for the upstream data 
traffic, for instance, so that an encrypted . point-to- 
point data link layer, connection is. formed' between HUB 
230 and transmitting ONU 202 . The encryption may be 
based on a symmetric encryption method or an asymmet- 
ric encryption method. However, due to the point -to- 
multipoint, nature of EPONs, the downstream traffic 
from HUB 23.0 to a given ONU may be encrypted in order 
to . prevent eavesdropping by other ONUs connected to 
the same EPON [MLA5 ] [0PH6 ] . The key exchange/mechanisms 
to be used in the case where the upstream connection 
cannot be regarded as secure, are vastly more compli- 
cated compared to the case where the upstream connec- 
tion can be regarded as reliable. By a secure connec- 
tion in this case is meant a connection supporting 
privacy and confidentiality. More complicated mecha- 



nisms always leads to. the consumption of processing 
capacity e.g. in ONUs 202, 204 and delays in transmis- 
sion . Encryption is not a mandatory feature as such in 
EPON. In some implementations the system could be used 
without encryption. ' 

An example of a key exchange mechanism to be 
used when the upstream connection is not reliable is 
the Dif f ie-Hellman protocol, which is disclosed e.g. 
in IETF RFC .2631. If the upstream connection is se- 
cure, the establishing of a secure downstream connec- 
tion from e.g. HUB 230 to ONU- 2 02 is rather easy e.g. 
it is sufficient to transmit a shared secret or en- 
cryption key from ONU 202 to HUB 230 prior to down- 
stream signal transmission. 

If separate fiber is used for up and down- 
stream optical isolators can be used to overcome the 
security problems. This is rather expensive, solution. 

PURPOSE OF THE INVENTION 

The purpose of the invention is to solve the 
problems discussed before. Particularly, the purpose 
of the invention is . to ensure secure and confidential 
upstream data transmission in Ethernet passive optical 
networks . 

SUMMARY OF THE INVENTION: 

The invention discloses a method for ensuring 
confidentiality of signal transmission in a point- to- 
multipoint data transmission network comprising at 
least one hub, at least one transmission medium and at 
least one station connected to the hub via the at 
least one transmission medium.. In the method an up- 
stream signal is transmitted . from a first station. The 
upstream signal is reflected by at least one disturb- 
ing reflector "for producing a disturbing reflection 
and the . disturbing, reflection, is combined with a sec- 



ond reflection of the upstream signal to render the 
second reflection .uridecodable by a second station. 

The invention discloses also a system for en- 
suring confidentiality of signal transmission in a 
pdint-to-multipoint data transmission, network compris- 
ing at least one hub, at least one transmission medium 
and at least one. station connected to the hub via the 
at least one transmission medium. The disclosed system 
further comprises at least one disturbing reflector 
placed upstream* of a station and a possible point of 
eavesdropping, for producing a disturbing reflection 
of a signal transmitted by the station. The disturbing 
reflection combines with a second reflection of the 
signal. " '. 

The invention also discloses a network, com- 
prising at least one hub, transmission medium and at 
least one station, connected to the hub via the: trans- 
mission medium. The data transmission network further 
comprises at least one disturbing reflector placed up- 
stream of a: station and a possible point of eavesdrop- 
ping ; . in the transmission network for producing. a dis- 
turbing reflection of a signal transmitted by the sta- 
tion. The disturbing reflection confines with a second, 
reflection of the signal. 

The invention also discloses a transmission, 
apparatus comprising at least one optical splitter and 
at least one connector/ for an optical network unit.. 
The transmission apparatus further comprises at least 
one. disturbing reflector placed upstream of a station 
and a. possible point, of eavesdropping in the transmis- 
sion network for producing a . disturbing reflect ion of 
a signal transmitted by the station. The- disturbing 
reflection combines with a second reflection of the 
signal . 

The disturbing reflector is beneficially lo- 
cated on . the upstream side of a splitter, which con- 
nects the transmitting station and the station that is 



eavesdropping. The disturbing reflector can be also on 
the upstream side -of the unwanted reflection. The dis- 
turbing reflector produces a disturbing signal, which 
makes the detection of the unwanted reflection impos- 
sible. 

In one embodiment of the invention the second 
reflection is an unwanted reflection. ..In one embodi- 
ment of the invention the . reflection and combining 
means comprise a disturbing reflector , which produces 
a reflection of, a signal transmitted; via one of the 
connectors , and a splitter , which combines the signal 
transmitted and the reflection produced. In one em- 
bodiment of the invention the transmission medium is 
an optical fiber. It should.be noted that by an opti- 
cal fiber in this case is meant either a single physi- 
cal fiber or several, interconnected fibers that are 
connected using splitters. The transmission medium may 
also be any other medium/ for example a coaxial cable. 
The transmission medium may also comprise two seiparate 
physical circuits or channels , one for upstream traf- 
fic dud the other for downstream traffic . In the case 
where the transmission medium is an optical fiber,, the 
data transmission network may be an Ethernet passive 
optical network and the stations may be optical net- 
work units . A disturbing ref lector can be a long con- 
tinuous, reflector or combined • from - a number of dis- 
crete reflectors . Examples of reflectors are the. Bragg 
reflectors. The disturbing reflectors may be located 
in a redundant branch of an optical splitter. 

The benefits of the invention are related to, 
the confidentiality, and security, of signal transmis- 
sion in EPONs. The method and system is simplified 
since there is no need for expensive mutual key ex- 
change algorithms. It is sufficient to provide confi- 
dentiality in the downstream transmission. .Processing 
performance in the . ONUs : is saved: Similarly, the delay 
in . the transmission of data is avoided, because the 



key exchange before data transmission can be simpli- 
fied or omitted. 

BRIEF DESCRIPTION OF THE DRAWINGS: 

. . The accompanying drawings, which are included 
to provide a further understanding of the invention 
and constitute, a part of this specif icatibn, illus- 
trate embodiments of the invention and. together.- with; 
the description help to explain the principles of the 
invention. In the drawings : 

Fig. 1 is a block diagram illustrating, a 
prior art solution that shows the structure and topol- 
ogy of .an EPON, 

Fig.- 2 is a block diagram illustrating a 
prior art solution that shows a confidentiality and 
privacy- problem associated with prior art EPONs, 

/ Fig. 3 is a block diagram depicting a system, 
a network and a transmission apparatus utilizing the 
use of optical disturbing reflectors , : in accordance 
with, the invention. . 

Fig. 4 is a block diagram illustrating the 
use of a disturbing, reflector combined from discrete 
reflectors, in accordance with the invention. 

Fig. 5 is a block diagram illustrating the 
use of a single long continuous reflector; in accor- 
dance with the invention. 

Fig . 6 is a block diagram depicting one em-, 
bodiment of the invention utilizing a 2*N or N*N* opti- 
cal splitter; . 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS : 

Reference will now be made in detail to. the 
embodiments of ' the present invention, examples of 
which are illustrated in the accompanying drawings . 

Figure 3 illustrates a block diagram depict- 
ing an EPON that utilizes one embodiment of the ihven-. 
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tion. The exemplary EPON comprises two ONUs 202, 204. 
ONUs 202 and 2 04 t are connected to. an optical splitter 
200 that connects fiber 210 to a fiber 212 and a fiber 
214. ONU 2 02 acts as the transmitting terminal that is 
5 transmitting a signal 220 to fiber 210. . ONU 204 is 
causing a potential confidentiality problem for the 
transmission, since signal 220 is treflected back from 
a reflecting element 206 so that the intensity of the 
reflection permits reception at ONU 204 end of fiber 
.10 214. Reflecting element. 206 is assumed to be a part of 
the EPON infrastructure, which cannot be eliminated or 
is too difficult and/or expensive to eliminate. Be- 
sides, its precise location or reflecting quality may 
be unknown. In accordance with the invention, fiber 
15 210 is equipped with three disturbing reflectors 300, 
302 and 304. The numbers of disturbing reflectors, 
ONUs and. HUBs mentioned herein should be seen just as 
examples for the purposes of the description of the 
invention. The number of disturbing reflectors, ONUs 
20 and. HUBs is thus not limited to their number in this 
example or any other example explained herein, but in- 
stead may vary in any embodiments or. implementations 
of the invention. Particularly, the .number of 
disturbing reflectors may be chosen by a network 
25 designer. . 

• . Signal 220 transmitted from ONU 204 is . re- 
flected at each of the disturbing reflectors 30.0,. . 302. 
and 304, thereby generating the disturbing. reflections 
224, 226 and 228 respectively. Transmitted, signal 220 
30 may be recoverable from a reflection 222 directly, 
since no other signals of sufficient intensity are 
combined with it. From the point of view of this em- 
bodiment, reflection 222 can be denoted as an unwanted 
reflection. However, at reflector 300, reflection 222 
35 combines, with a second reflection of the signal 220,. 
which, is caused by reflector 300. Due to propagation 
delay, the second reflection has a time displacement 



from the reflection 222. Due. to the time displacement, 
reflection signal , 224 that includes reflection 222 and 
the second reflection is scrambled. The bits of re- 
flection 222 and the second reflection are not aligned 
in time. Reflection signal 224 is further combined 
with a reflection of transmitted signal 220 at dis- 
turbing reflector 302 thereby generating a reflection 
signal 226 where signal 224 is further scrambled. Fi- 
nally, reflection signal 226 is further combined with 
a reflection of , the. transmitted signal 220 . at the dis- 
turbing reflector 304 resulting in a reflection signal 
228 . When reflection signal 228 .. is received at ONU 
204/ original signal 220 is no longer recoverable 
since reflection signal-. .228 , is a combination of sev- 
eral reflections of .original signal 220/ - each reflec- 
tion having a different time displacement from the 
start of signal 220. ' ' 

^ Figure 4 illustrates a block diagram depict- 
ing one embodiment of the invention where disturbing 
reflectors . , are implemented as discrete reflectors, for 
example; as Bragg reflectors. An original signal 410 
sent on an optical fiber 400 is reflected at three 
different disturbing reflectors 402, 4 04> arid 4 06 : in- 
serted to an optical fiber 400. A reflected- signal 412 
represents a combination of each of the reflections, 
caused by reflectors 4.02, 404 and 406. A pulse of 
original signal 410 is depicted on X - axis 4 21 and Y - 
axis 42 0, where Y-axis 420 represents signal intensity 
and X-axis 421 time. A resulting signal pulse .412; is 
as well depicted on X-axis 421 and Y - axis 4 2 0 \ ' The re- 
flected signal 412 represents a sum of lower intensity 
reflections of original signal pulse 410. Each reflec- 
tion has different, time displacement from the start of 
original signal 410 thereby producing reflected signal 
412 in which signal pulse is scrambled. 

Figure 5. is .illustrates a block diagram de- 
picting one embodiment of the invention' where disturb- 



ing reflectors are implemented as a single long con- 
tinuous reflector., An optical fiber 400 along which a 
signal 410 is transmitted has a long continuous re- . 
f lector 500. The long continuous reflector 500 re- 
flects signal energy of signal 410 along the whole 
length of long continuous reflector 500. The reflec- 
tion characteristics may vary along the length of the 
long continuous reflector 500, thereby producing a re- 
flection 502 of uneven intensity. When combined with 
an unwanted reflection of transmitted signal 410, re- 
flection 502 will scramble the unwanted reflection 
thereby rendering it unrecognizable . The long continu- 
ous reflector must produce a .reflection of sufficient 
intensity taking into consideration the intensity of 
the : reflection to be scrambled. The intensity of re- . 
flection 502 must be sufficient at all its duration in 
order to *. prevent detect ion of pulses from the unwanted 
reflection. 

Figure 6 is illustrates a block diagram de- 
picting one embodiment of the invention where disturb- 
ing reflectors are used in the context of a 2*N or N*N 
optical splitter. A . splitter 600 has two optical fi- 
bers 630, and 632 that lead towards two or more ONUs 
either directly or via one of. several other splitters. 
Splitter 600 has an optical fiber 63 6 that is used for 
conveying upstream signals towards an eventual recipi- 
ent. Optical fiber 636 is connected to some equipment 
or element that generates an unwanted reflection 624 
of an upstream signal 610. In order to provide confi- 
dentiality in accordance with the invention, an extra 
optical fiber" 634 from splitter 600 is equipped with 
three discrete disturbing reflectors 602, 60.4 and 606. 
The numbers of disturbing reflectors, ONUs, splitters 
and optical fibers mentioned herein should be seen 
just as • examples for the purposes of the description 
of the invention. The number of disturbing reflectors , 
ONUs and optical fibers is thus not limited to their 



number in this example, but instead may vary- in any 
embodiments or implementations of the invention. Dis- 
turbing reflector 606 generates reflection 612. Dis- 
turbing reflector 604 generates a reflection, which 
combines with the reflection .612 thereby producing a 
reflection 614. Disturbing reflector 606 generates a 
reflection, which combines with reflection 614 thereby 
producing a reflection 616. When reflection 616 com- 
bines with an unwanted' reflection 624 at the splitter 
600, a reflection 622 is . thus generated in which 
transmitted signal 610 has been rendered indistin- 
guishable and undecodable . An ONU or an eavesdropper 
will not be able to decode transmitted signal 610 from 
reflection 622 . In addition to additive combination of 
reflected signals, there will also be interference of 
optical carriers, causing beat noise due to the opti- 
cal phase differences. It is obvious to a person 
skilled, in the art that with the advancement of tech- 
nology, the basic idea of the invention may be imple- 
mented in various ways. The invention and its. embodi- 
ments 1 are thus not limited to the examples described 
above; instead they may vary within the scope of . the 
claims . 
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CLAIMS: 

1 . A method for . ensuring confidentiality of 
signal transmission in a point- to-multipoint data 
transmission network, comprising at least one hub, at 
least one transmission medium and at least one station 
connected to said hub via said at . least one transmis- 
sion medium, the meth^ 

transmitting an upstream signal from a. first sta- 
tion; . '. : 

reflecting said upstream signal by at least one 
disturbing reflector for producing a disturbing re- 
flection; and : 

v combining said disturbing reflection with a second 
reflection of- said upstream- signal to render: said sec- 
ond reflection undecodable by a second station. 

2. The method according to claim 1, wherein 
said second reflection is an unwanted reflection. 

^ 3. The method according to claim "1, wherein a 
transmission medium is an optical fiber. 

, 4.. The method according to claim 3, wherein 
said data transmission network is an Ethernet passive 
optical network and said station is an optical network 
unit. • ' 

5. The method according to claim . 3, wherein 
said; at least one disturbing reflector comprises at 
least one discrete; reflector. . 

•' 6. The method according to claim 3, wherein 
said at least one disturbing reflector is a long con- 
tinuous reflector. \/ 

.7. The method according to claim .3, wherein 
said at least one disturbing reflector is located in a 
redundant branch of an optical splitter. 

8. A system for ensuring confidentiality of 
signal transmission in a point- to-multipoint data 
transmission network, comprising at least one hub, at 
least one . transmission medium and at least one station 
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connected to said hub via said at least one transmis- 
sion medium, the system further comprising: 

at least one disturbing reflector placed upstream 
of a first station and a possible point of eavesdrop- 
5 ping in said transmission network for producing a dis- 
turbing reflection of a signal transmitted by said 
first station, said disturbing reflection combining 
. with a, second reflection of said signal . .. 

,9. The. system according to claim 8, wherein 
10 said second reflection is an unwanted reflection. 

10. The system according to claim 8 # wherein 
a transmission .medium is an optical fiber. 

■, 11.. The system according to, claim 10 , wherein . 

said data. transmission network is an Ethernet .passive 
15 optical network and said station is an optical network 
.'. unit 

12 . The system according to claim 10, wherein 
said at least one disturbing reflector comprises at 
least /one discrete reflector. 
20 : 13. The system according to claim 10, wherein 

said vat least one disturbing reflector is a long con- 
tinuous reflector. 

14. The system according to claim 10, wherein 
said at least one disturbing reflector is located in a 

25 redundant branch of an optical splitter. 

15. A network comprising at least one -hub, a>t 
least one transmission medium arid at least one station 
connected, to said hub via said at least one. transmis- 
sion medium, . the network further comprising: 

30 at least one disturbing reflector placed upstream 

of a first station arid a possible .point of ..eavesdrop- 
ping, in said transmission network for producing a dis- 
turbing reflection of a signal transmitted by said 
first station, said disturbing reflection combining 

35 with a second reflection of said signal. 



16. The network according to claim 15, 
wherein said second reflection is an unwanted reflec- 
tion. 

17. The network according to claim 15, 
wherein a transmission medium is an optical fiber. 

18. The network according to: claim 17, 
wherein, said at least one disturbing reflector com- 
prises at least one discrete reflector . 

19. The' network according to claim 17, 
wherein said at, least one disturbing .reflector is a 
long continuous reflector. 

20. The network according to claim 17, 
wherein said at least one disturbing reflector is lo- 
cated in a redundant branch, of an optical ■splitter. 

21 . A transmission apparatus comprising at 
least one optical splitter and at. least orte connector 
for an optical network . unit , the transmission appara- 
tus further . comprising : 

at/ least one disturbing ref lector placed upstream 
of a first station and a possible point of eavesdrop- 
ping "in said transmission network for producing a : dis- 
turbing reflection of a signal transmitted by said 
first station, said disturbing reflection combining, 
with, a second reflection of said . signal . 

22 . The transmission apparatus according , to 
claim 21, - wherein said second reflection is an un- 
wanted reflection. 

23. The transmission apparatus according to 
claim 22, wherein said disturbing reflector comprises 
at least one discrete reflector. 

24. The transmission apparatus according to 
claim 22, wherein, said disturbing . reflector, is a long 
continuous reflector. . 

25. The transmission apparatus according to 
claim 22, wherein said disturbing, reflector is located 
in a redundant branch of an optical splitter. 
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ABSTRACT OF THE DISCLOSURE 

A method and system for ensur- 
ing confidentiality of signal transmis- 
sion in a point -to-multipoint data 
transmission network like Ethernet pas- 
sive optical network, comprising at 
least one hub,, at least one transmission 
medium,; and at least one station con- 
nected to the hub via the transmission 
medium. When an upstream signal is . 
transmitted from a first station; the 
upstream signal is reflected by at least 
'one disturbing reflector for producing a 
disturbing reflection. The disturbing 
reflection combines with a second re-: 
flection of the upstream signal and ren- 
ders the second^ reflection undecodable 
by a second station. 
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